- 論壇徽章:
- 8
|
- 6. HTTP Authentication
-
- HTTP Authentication is the ability to tell the server your username and
- password so that it can verify that you're allowed to do the request you're
- doing. The Basic authentication used in HTTP (which is the type curl uses by
- default) is *plain* *text* based, which means it sends username and password
- only slightly obfuscated, but still fully readable by anyone that sniffs on
- the network between you and the remote server.
-
- To tell curl to use a user and password for authentication:
-
- curl --user name:password http://www.example.com
-
- The site might require a different authentication method (check the headers
- returned by the server), and then --ntlm, --digest, --negotiate or even
- --anyauth might be options that suit you.
-
- Sometimes your HTTP access is only available through the use of a HTTP
- proxy. This seems to be especially common at various companies. A HTTP proxy
- may require its own user and password to allow the client to get through to
- the Internet. To specify those with curl, run something like:
-
- curl --proxy-user proxyuser:proxypassword curl.haxx.se
-
- If your proxy requires the authentication to be done using the NTLM method,
- use --proxy-ntlm, if it requires Digest use --proxy-digest.
-
- If you use any one these user+password options but leave out the password
- part, curl will prompt for the password interactively.
-
- Do note that when a program is run, its parameters might be possible to see
- when listing the running processes of the system. Thus, other users may be
- able to watch your passwords if you pass them as plain command line
- options. There are ways to circumvent this.
-
- It is worth noting that while this is how HTTP Authentication works, very
- many web sites will not use this concept when they provide logins etc. See
- the Web Login chapter further below for more details on that.
復(fù)制代碼 |
|